4190 matches found
Vulnerability fixed in IBM Spectrum Protect Plus
IBM has fixed a vulnerability in Spectrum Protect Plus. Credentials of users are printed in readable text in the IBM Spectrum Protect Plus virgo log file. IBM has released updates to fix the vulnerabilities in Spectrum Protect Plus 10.1.0.0-10.1.9.32. For more information, see:...
Vulnerabilities fixed in HPE ProLiant Intel BIOS
Vulnerabilities have been fixed in the Intel BIOS of HPE ProLiant DX servers. The vulnerabilities in DX Gen 10 servers with features DX170r, DX190r, DX360, DX380, DX560 and DX4200 allow a local malicious person able to obtain sensitive information or increase privileges. HPE has made updates...
Vulnerabilities fixed in Red Hat OpenShift Container Platform
Multiple vulnerabilities have been fixed in the Red Hat OpenShift Container Platform. These vulnerabilities allow an attacker to able to perform a Cross-Site Scripting XSS attack on the subversion plugin of Jenkins or a denial-of-service DoS in GoLang. Red Hat has made updates available for Red H...
Zero-day vulnerability discovered in Microsoft Word
A researcher has found a zero-day vulnerability in Microsoft Word. This new exploit in Office macros, external template files containing malicious code while macros are disabled. When a user converts the document to RTF format, the code is also executed in "Protected view" or "Preview mode. For...
Vulnerability fixed in Oracle E-Business suite
Oracle has fixed a vulnerability in Oracle E-Business Suite. A malicious party could use the vulnerability to access gain access to sensitive information. The malicious party does not need prior authentication to do so. Oracle indicates that the vulnerability is not present in the Oracle SaaS clo...
Vulnerabilities fixed in VMWare products
VMware has fixed two vulnerabilities in Workspace ONE Access, Identity Manager, vRealize Automation, Cloud Foundation and vRealize Suite Lifecycle Manager. An unauthenticated malicious person with access to the management environment could potentially exploit the vulnerabilities to gain gain...
Vulnerabilities fixed in NVIDIA drivers
NVIDIA has fixed vulnerabilities in its GPU drivers for Windows and Linux. A malicious party could exploit the vulnerabilities to causing the following categories of damage: Denial-of-Service DoS. Data manipulation. Remote code execution Administrator/Root privileges Increased user privileges The...
Vulnerability fixed in Check Point Endpoint Security Client
Check Point has fixed a vulnerability in Check Point Endpoint Security Client for Windows. A local malicious agent could exploit the vulnerability to obtain elevated privileges and then execute arbitrary code under those privileges. To do so, the malicious party must place rogue files in a...
Vulnerability fixed in Dell iDRAC9
Dell has fixed a vulnerability in iDRAC9.The vulnerability allows an unauthenticated malicious party to bypass authentication bypass authentication and gain access to the VNC console. Dell has released updates to fix the vulnerability. For more information, see:...
Vulnerabilities fixed in Adobe Framemaker
Adobe has fixed vulnerabilities in Framemaker. The vulnerabilities allow a malicious party to cause a denial-of-service or execute arbitrary code under privileges of the application. To do this, the malicious party must persuade the victim to open a rogue file. Adobe has released updates to fix t...
Vulnerabilities fixed in Oracle Enterprise Linux kernel
Oracle has fixed vulnerabilities in the Oracle Linux kernel. The vulnerabilities allow a local malicious person to cause a denial-of-service, obtain elevated privileges or gain access to system information. Successful exploit requires authentication. -= Oracle =- Oracle has made updates available...
Vulnerability fixed in Microsoft Azure
A vulnerability has been fixed in Microsoft Azure. The vulnerability allows an authenticated malicious person to execute arbitrary code. The vulnerability is in a driver used to run in Azure Synapse pipelines and Azure Data Factory Integration Runtime IR to connect to Amazon Redshift. The malicio...
Vulnerabilities fixed in Siemens products
Vulnerabilities have been fixed in several Siemens products. The vulnerabilities allow a malicious person to carry out attacks execute attacks that result in the following categories of damage: Cross-Site Scripting XSS Denial-of-Service DoS. Manipulation of data Circumvention of security measure...
Vulnerability fixed in ecdsautils
Debian has fixed a vulnerability in ecdsautils. This is a library used for cryptographic applications based based on ECDSA. The vulnerability is in functionality for validating of ECDSA signatures. The flaw causes an application considers specially crafted signatures to be valid when they are not...
Vulnerabilities fixed in Splunk
Vulnerabilities have been fixed in Splunk. The vulnerabilities potentially enable a malicious person to carry out attacks leading to the following categories of damage: Cross-Site Scripting XSS. Circumvention of security measure Access to system data Increased user privileges Updates have been...
Vulnerabilities fixed in Zoom
Vulnerabilities have been fixed in Zoom. The vulnerabilities allow a malicious person to carry out attacks that result in the following categories of damage: Manipulation of data Circumvention of security measure Access to sensitive data Increased user privileges Zoom has released updates to fix...
Vulnerability fixed in WSO2 products
A serious vulnerability has been fixed in several products of WSO2. A malicious person with access to the network can exploit the exploit the vulnerability to execute arbitrary code or gain access to sensitive data. Public exploit code is available. This exploit code allows a remote malicious par...
Vulnerability fixed in Kibana
A vulnerability has been fixed in Kibana. A malicious party could potentially exploit the vulnerability to obtain sensitive information. The vulnerability is not in the default configuration. Only Kibana installations that explicitly use Elastic Stack monitoring are potentially vulnerable. Elasti...
Vulnerabilities fixed in OpenJPEG
Vulnerabilities have been fixed in OpenJPEG. The vulnerabilities allow a malicious person to perform attacks that lead to the following categories of damage: Denial-of-Service DoS Remote code execution User Rights Access to system data -= openSUSE =- The developers of openSUSE have made updates...
Vulnerability fixed in Mattermost
A vulnerability has been fixed in Mattermost with versions lower than 6.5. Email invitations to a Mattermost channel or server are insufficiently invalidated when selected by an administrator. This allows a person to still participate in Mattermost channels even though access has been revoked aft...
Vulnerabilities fixed in McAfee Agent
Vulnerabilities have been fixed in McAfee Agent. The vulnerabilities potentially enable a malicious party to gain elevated privileges or access to sensitive data, or to execute arbitrary code execute arbitrary code with the application's permissions. McAfee has made updates available to address t...
Vulnerability fixed in PAN-OS
A vulnerability has been fixed in PAN-OS. A malicious person with access to the DNS proxy feature of PAN-OS software could use a Man-in-the-Middle MITM method specifically crafted traffic to the firewall causing the service to be unexpectedly restarted. restart. The vulnerability is in the...
Vulnerability fixed in HAProxy
A vulnerability has been fixed in HAProxy. A malicious party could exploit the vulnerability to cause a denial-of-service. By sending a specifically prepared HTTP response, the application will enter a loop and thus become become unreachable. -= Debian =- Debian has made updates to haproxy...
Vulnerabilities fixed in Microsoft Azure
Microsoft has fixed vulnerabilities in supporting products of Azure. A malicious party could potentially exploit them to appropriate elevated privileges and gain access gain access to sensitive data. The vulnerabilities in Azure Site Recovery are located specifically in the VMWare-to-Azure and...
Vulnerability fixed in Microsoft Windows Defender
A vulnerability has been fixed in Microsoft Windows Defender. A malicious party can exploit this vulnerability to cause a denial-of-service. This requires a user to be tricked into handling a rogue file on the system. Windows Defender: |----------------|------|------------------------------------...
Vulnerability fixed in Microsoft Dynamics
A vulnerability has been fixed in Microsoft Dynamics. The vulnerability potentially allows an authenticated user to to execute arbitrary SQL code on the Dynamics database. Microsoft Dynamics: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerabilities fixed in FortiClient
Vulnerabilities have been fixed in FortiClient for Linux and Windows. The vulnerabilities allow a local malicious agent to to gain access to system data and obtain elevated privileges. Fortinet has released updates to fix the vulnerability. More information can be found on the pages below:...
Vulnerability fixed in SonicOS
SonicWall has fixed a vulnerability in SonicOS. A unauthenticated malicious person could exploit the vulnerability to cause a denial-of-service, and potentially execute arbitrary code execute arbitrary code in the firewall process. SonicWall has released updates to fix the vulnerability in SonicO...
Vulnerability fixed in IBM MQ
IBM has fixed a vulnerability in IBM MQ. The vulnerability allows an authenticated malicious party to cause a denial-of-service exploit. IBM has released updates to fix the vulnerability. For more information, see: https://www.ibm.com/support/pages/node/6560040...
Vulnerability fixed in IBM Specturm Protect
IBM has fixed a vulnerability in Spectrum Protect Server. By exploiting this vulnerability obtain elevated privileges on the vulnerable system. IBM has released updates to fix the vulnerability in Spectrum Protect Server 8.1.14.100. For more information, see:...
Vulnerabilities fixed in Bareos
Vulnerabilities have been fixed in Bareos. The vulnerability with reference CVE-2022-24755 can be exploited to bypass authentication. circumvention. To exploit this vulnerability, the Bareos Director must be configured with PAM as the authentication agent. The vulnerability with attribute...
Vulnerabilities fixed in CyberArk Privileged Session Manager and Password Vault Manager
Vulnerabilities have been fixed in the CyberArk Privileged Session Manager and Password Vault Manager. The vulnerabilities allow a malicious party to conduct attacks that result in the following categories of damage: Circumvention of security measure. Remote code execution User rights Access to...
Vulnerability fixed in ARM, AMD and Intel processors
Researchers at VU Amsterdam have found a new variant of the Spectre vulnerability. The researchers have dubbed the attack Branch History Injection. Previous mitigation for Spectre v2 is not sufficient to fully fix the vulnerability, according to the researchers. According to the researchers, this...
Vulnerabilities fixed in Dell BIOS
Vulnerabilities have been fixed in the BIOS of several Dell products. The vulnerabilities make it possible for a local malicious person with elevated privileges to execute code while the system is active in System Management Mode SMM. Dell has made updates available to fix the vulnerabilities fix...
Vulnerabilities fixed in Sophos SG UTM
Vulnerabilities have been fixed in Sophos SG UTM. The vulnerabilities allow a malicious person to launch attacks that lead to the following categories of damage: Denial-of-Service DoS SQL Injection Access to sensitive data Sophos has fixed the vulnerabilities in SG UTM version 9.710. More...
Vulnerabilities fixed in Schneider Electric Ecostruxure Control Expert
Vulnerabilities have been fixed in the Schneider Electric Ecostruxure Control Expert. The vulnerabilities allow an unauthenticated malicious person able to cause a denial-of-service cause. To exploit these vulnerabilities, a malicious party must be able to intercept specific Modbus data and...
Vulnerability fixed in AMD processors
AMD has fixed a vulnerability with reference CVE-2021-26401 for the Ryzen and Athlon processors. This vulnerability has the same cause as the vulnerability known as Spectre, with attribute CVE-2017-5717. This vulnerability allows a malicious party to obtain sensitive data from the memory of a loc...
Vulnerabilities fixed in Google Chrome
Google has fixed vulnerabilities in Chrome. The vulnerabilities potentially enable a malicious person to carry out attacks that lead to the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution User rights Access to system data Google has ma...
Vulnerabilities fixed in BMC Track-It!
BMC has fixed several vulnerabilities in Track-It! A malicious party could exploit the vulnerabilities to gain access to the application or to execute arbitrary code under the application's privileges. The vulnerability with reference CVE-2022-24047 involves an "authentication bypass" that allows...
Vulnerability fixed in IBM MQ
A vulnerability has been fixed in IBM MQ for the Solaris platform. A malicious party could potentially exploit the vulnerability to cause a denial-of-service via the Queue Manager channel process. IBM has released updates to fix the vulnerability in MQ 9.1. For more information, see:...
Vulnerabilities fixed in VMware Workstation, Fusion & ESXi
VMware has fixed several vulnerabilities in various products, namely Workstation Pro/Player, Fusion and ESXi. The vulnerabilities allow a malicious party to launch attacks that lead to the following categories of damage: Denial-of-Service DoS. Manipulation of data Remote code execution User right...
Vulnerabilities fixed in Palo Alto GlobalProtect App
Palo Alto Networks has fixed vulnerabilities in GlobalProtect App. The vulnerabilities potentially enable a local malicious person to able to launch attacks that result in the following categories of damage: Remote code execution Administrator/Root privileges. Access to sensitive data Increased...
Vulnerabilities fixed in Microsoft Windows
Microsoft has fixed vulnerabilities in Windows. The vulnerabilities potentially enable a malicious person to launch attacks execute attacks that result in the following categories of damage: Denial-of-Service DoS. Remote code execution Administrator/Root rights Remote code execution User rights...
Vulnerabilities fixed in Microsoft SQL Server and Power BI
Microsoft has fixed vulnerabilities in Microsoft SQL Server and Power BI. The vulnerabilities allow a malicious party to obtain elevated user privileges. SQL Server: |----------------|------|-------------------------------------| | CVE ID | CVSS | Impact |...
Vulnerability fixed in VMware Workstation, Fusion & ESXi
A vulnerability has been fixed in VMware Workstation, Fusion & ESXi. The vulnerability enables a malicious person with access to a virtual machine on which CD-ROM virtualization is enabled to able to execute arbitrary code on the hypervisor. To exploit this vulnerability, a CD image must be...
Vulnerabilities fixed in IBM Spectrum Protect Plus
IBM has fixed vulnerabilities in Spectrum Protect Plus. The vulnerabilities, which include those in the Node.js and PostgreSQL components of the product, allow a malicious party to perform attacks that result in the following categories of damage: Cross-Site Scripting XSS. Manipulation of data...
Vulnerability fixed in ABB OPC Server
A vulnerability has been fixed in ABB OPC Server for AC 800M. The vulnerability enables an authenticated remote malicious person to able to execute arbitrary code. ABB has released updates to fix the vulnerability. To exploit this vulnerability requires access to the network of the victim's netwo...
Vulnerability fixed in IBM Spectrum Protect Plus
IBM has fixed a vulnerability in Spectrum Protect Plus. A authenticated malicious party can, by exploiting this vulnerability to gain elevated privileges on the vulnerable system. IBM has released updates to fix the vulnerability in Spectrum Protect Plus 10.1.9. For more information, see:...
Vulnerabilities fixed in Apple macOS
Vulnerabilities have been fixed in macOS Monterey, Big Sur and Catalina. The vulnerabilities allow a malicious party to perform attacks that result in the following categories of damage: Denial-of-Service DoS Circumvention of security measure Remote code execution Administrator/Root rights Remote...
Vulnerability found in i915 kernel driver
A researcher has found a vulnerability in the Linux i915 kernel driver. The memory cache of the i915 kernel graphics driver is not properly cleaned up. An attacker exploiting this vulnerability could cause a local denial-of-service DoS cause or gain access to system data or elevated user...